- From: Patrick Stickler <patrick.stickler@nokia.com>
- Date: Thu, 25 Mar 2004 11:33:51 +0200
- To: "ext Chris Bizer" <chris@bizer.de>
- Cc: <www-archive@w3.org>, "ext Jeremy Carroll" <jjc@hplb.hpl.hp.com>, "Pat Hayes" <phayes@ihmc.us>
On Mar 24, 2004, at 15:19, ext Chris Bizer wrote:

>>> Using signatures also doesn't make signing agents special (=owners),
>>> because several agents can sign the same named graph instance.
>>
>> True, and then they are joint owners/publishers, if that signing
>> occurs in the graph itself.
>
> Initial comment: The signature of a graph cannot be included into the
> graph for technical reasons.
>
> Signing a graph works the following way:
>
> 1. You take a graph
> 2. You calculate the hash of it
> 3. then you encrypt the hash using your private key.
>
> Having the signature inside the graph makes it impossible to calculate
> the hash, because things are getting circular.

Yes, I know. I commented on this earlier.

The hash generated can be based on the graph without the warrants,
or simply without the signature values themselves.

So, given a graph

    :G ( ...
         :G swp:warrant [ a swp:Warrant ;
                          swp:assertedBy ex:Bob ;
                          swp:signature "..." ] .
         ... )

The hash is generated based on

    :G ( ...
         :G swp:warrant [ a swp:Warrant ;
                          swp:assertedBy ex:Bob ;
                          swp:signature _:s ] .
         ... )

I.e., the only bit of information that is not captured by the signature
is the signature itself.

Validation of the signature then simply requires filtering out the
signatures before testing the hash.

Patrick

--
Patrick Stickler
Nokia, Finland
patrick.stickler@nokia.com
Received on Thursday, 25 March 2004 05:11:13 UTC
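
The scheme described in the message above, as an added example that is not part of the original e-mail or of any SWP implementation: every `swp:signature` value is replaced by `_:s` before hashing, so a warrant can live inside the graph it signs. Assumptions: triples are plain string tuples with stable blank-node labels, the second signer (`ex:Alice`) and both keys are constructed, and HMAC-SHA256 stands in for the private-key operation so the block runs on the standard library alone.

```python
import hashlib
import hmac

SIG = "swp:signature"
PLACEHOLDER = "_:s"  # replaces every signature value, as in the message

def digest(graph):
    """Hash the graph with each swp:signature object masked to _:s."""
    masked = {(s, p, PLACEHOLDER if p == SIG else o) for s, p, o in graph}
    # Assumption: blank-node labels are stable, so sorting is canonical enough.
    canon = "\n".join(" ".join(t) + " ." for t in sorted(masked))
    return hashlib.sha256(canon.encode("utf-8")).digest()

def sign(graph, warrant, key):
    """Return a copy of graph whose warrant carries a signature over digest()."""
    # HMAC is a stand-in here; a real deployment would use a public-key signature.
    value = hmac.new(key, digest(graph), hashlib.sha256).hexdigest()
    kept = {t for t in graph if not (t[0] == warrant and t[1] == SIG)}
    return kept | {(warrant, SIG, value)}

def verify(graph, warrant, key):
    """Filter the signatures out, recompute the hash, compare with the stored value."""
    stored = [o for s, p, o in graph if s == warrant and p == SIG]
    if len(stored) != 1:  # a missing or duplicated signature triple never verifies
        return False
    expected = hmac.new(key, digest(graph), hashlib.sha256).hexdigest()
    return hmac.compare_digest(stored[0], expected)

# Constructed sample: graph :G with two warrants, both present before anyone signs,
# because the warrant triples (minus the signature values) are part of the hash.
BOB_KEY, ALICE_KEY = b"constructed-bob-key", b"constructed-alice-key"
G = {
    ("ex:doc", "ex:title", '"Named Graphs"'),
    (":G", "swp:warrant", "_:w1"),
    ("_:w1", "rdf:type", "swp:Warrant"),
    ("_:w1", "swp:assertedBy", "ex:Bob"),
    ("_:w1", SIG, '""'),
    (":G", "swp:warrant", "_:w2"),
    ("_:w2", "rdf:type", "swp:Warrant"),
    ("_:w2", "swp:assertedBy", "ex:Alice"),
    ("_:w2", SIG, '""'),
}
SIGNED = sign(sign(G, "_:w1", BOB_KEY), "_:w2", ALICE_KEY)
```

Because only the signature values are masked, adding a further warrant after signing changes the hash and invalidates the earlier signatures; hashing the graph without the warrants, the other option named in the message, avoids that at the cost of leaving `swp:assertedBy` unsigned.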